forked from wagov/wasocshared
Showing 13 changed files with 227 additions and 41 deletions.
.../advisories/20240207003-FortiSIEM-Critical-Command-Injection-Vulnerabilities.md: 21 changes, 21 additions & 0 deletions
@@ -0,0 +1,21 @@ | ||
# FortiSIEM - Citical Command Injection Vulnerabilities - 20240207003 | ||
|
||
## Overview | ||
|
||
An improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiSIEM can allow attacker to execute unauthorized code or commands via crafted API requests. | ||
|
||
## What is vulnerable? | ||
|
||
| Product(s) Affected | CVE | Severity | CVSS | | ||
| -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------- | ------------ | ---- | | ||
| Fortinet FortiSIEM versions <br />- **versions 7.1.0 through 7.1.1** <br />- **version 7.0.0 through 7.0.2** <br />- **version 6.7.0 through 6.7.8** <br />- **version 6.6.0 through 6.6.3** <br />- **version 6.5.0 through 6.5.2** <br />- **version 6.4.0 through 6.4.2** | [CVE-2024-23108](https://nvd.nist.gov/vuln/detail/CVE-2024-23108) , [CVE-2024-23109](https://nvd.nist.gov/vuln/detail/CVE-2024-23109) | **Critical** | 10.0 | | ||
|
||
## What has been observed? | ||
|
||
There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing. | ||
|
||
## Recommendation | ||
|
||
The WA SOC recommends administrators apply the solutions as per vendor instructions. (refer [Patch Management](../guidelines/patch-management.md)): | ||
|
||
- [FortiGuard](https://www.fortiguard.com/psirt/FG-IR-23-130) |
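Review bot: the H1 on the first added line misspells "Critical" as "Citical", and the overview reads "can allow attacker"; change these to "Critical" and "can allow an attacker". The Recommendation sentence also omits the remediation timeframe that the other advisories in this commit state for a Critical rating ("within expected timeframe of 48 hours"), and the affected-versions cell mixes "versions 7.1.0 through 7.1.1" with "version 7.0.0 through 7.0.2"; use one form throughout the cell.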
...240208001-VMware-Releases-Security-Advisory-for-Aria-Operations-for-Networks.md: 25 changes, 25 additions & 0 deletions
@@ -0,0 +1,25 @@ | ||
# VMware Releases Security Advisory for Aria Operations for Networks - 20240208001 | ||
|
||
## Overview | ||
|
||
VMware released a security advisory to address multiple vulnerabilities in Aria Operations for Networks. A cyber threat actor could exploit one of these vulnerabilities to take control of an affected system. | ||
|
||
## What is vulnerable? | ||
|
||
| Product(s) Affected | Summary | Severity | CVSS | | ||
| ----------------------------------------------------------- | ------- | ---------- | ---- | | ||
| **Aria Operations for Networks** | | | | | ||
| - Local Privilege Escalation vulnerability (CVE-2024-22237) | | **High** | 7.8 | | ||
| - Cross Site Scripting Vulnerability (CVE-2024-22238) | | **Medium** | 6.4 | | ||
| - Local Privilege Escalation vulnerability (CVE-2024-22239) | | **Medium** | 5.3 | | ||
| - Local File Read vulnerability (CVE-2024-22240) | | **Medium** | 4.9 | | ||
|
||
## Recommendation | ||
|
||
The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe (refer [Patch Management](../guidelines/patch-management.md)): | ||
|
||
- [VMware Aria Operations for Networks](https://www.vmware.com/security/advisories/VMSA-2024-0002.html) | ||
|
||
## Additional References | ||
|
||
- [CISA - VMware Releases Security Advisory for Aria Operations for Networks](https://www.cisa.gov/news-events/alerts/2024/02/07/vmware-releases-security-advisory-aria-operations-networks) |
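Review bot: the "What is vulnerable?" table is structurally wrong: the four CVEs sit in the Product(s) Affected column as "- ..." bullet rows beneath an otherwise empty **Aria Operations for Networks** row, and the Summary column is blank in every row. Put the product in the first column of each row and move the vulnerability description into Summary, e.g. `| Aria Operations for Networks | Local Privilege Escalation vulnerability (CVE-2024-22237) | **High** | 7.8 |`. The file also lacks the "What has been observed?" section the other advisories carry, and the Recommendation says "within expected timeframe" without stating one.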
docs/advisories/20240209001-Ivanti-critical-patch-for-multiple-products.md: 28 changes, 28 additions & 0 deletions
@@ -0,0 +1,28 @@ | ||
# Ivanti Critical Patch for Multiple Products - 20240209001 | ||
|
||
## Overview | ||
|
||
Ivanti has published an urgent patch for a new authentication bypass vulnerability impacting Connect Secure, Policy Secure, and ZTA gateways. Ivanti is urging admins to secure their appliances immediately. | ||
|
||
The 'low complexity' attack allows an attacker to access restricted resources without authentication. | ||
|
||
## What is vulnerable? | ||
|
||
| Product(s) Affected | Summary | Severity | CVSS | | ||
| ------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------ | ---- | | ||
| **Ivanti Connect Secure** `9.1R14.4, 9.1R17.2, 9.1R18.3, 22.4R2.2 and 22.5R1.1`, **Ivanti Policy Secure** `22.5R1.1` and **ZTA** `22.6R1.3` | **CVE-2024-22024** An XML external entity or XXE vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x), Ivanti Policy Secure (9.x, 22.x) and ZTA gateways which allows an attacker to access certain restricted resources without authentication. | **Critical** | 8.3 | | ||
|
||
## What has been observed? | ||
|
||
There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing. As of writing, Ivanti states 'We have no evidence of any customers being exploited by CVE-2024-22024'. | ||
|
||
## Recommendation | ||
|
||
The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe of **48 hours** (refer [Patch Management](../guidelines/patch-management.md)): | ||
|
||
- [Ivanti - CVE-2024-22024 (XXE) for Ivanti Connect Secure and Ivanti Policy Secure | ||
](https://forums.ivanti.com/s/article/CVE-2024-22024-XXE-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure?language=en_US) | ||
|
||
## Additional References | ||
|
||
- [BleepingComputer - Ivanti: Patch new Connect Secure auth bypass bug immediately](https://www.bleepingcomputer.com/news/security/ivanti-patch-new-connect-secure-auth-bypass-bug-immediately/) |
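Review bot: the Severity column says **Critical** next to a CVSS of 8.3, which falls in the High band of CVSS v3; the table, the H1 ("Critical Patch") and the 48-hour timeframe should agree on one rating. The Ivanti link in the Recommendation section is split across two lines with the line break inside the link text (`- [Ivanti - CVE-2024-22024 (XXE) for Ivanti Connect Secure and Ivanti Policy Secure` followed by `](https://forums.ivanti.com/...)`), which many Markdown renderers will not render as a link; join it onto one line.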
docs/advisories/20240209002-Fortinet-Multiple-RCE-Vulnerabilities-Exploited.md: 28 changes, 28 additions & 0 deletions
@@ -0,0 +1,28 @@ | ||
# Fortinet Multiple RCE Vulnerabilities Exploited - 20240209002 | ||
|
||
## Overview | ||
|
||
Fortinet has announced a new critical remote code execution vulnerability in FortiOS SSL VPN which is potentially being exploited in the wild. The vulnerability could allow unauthenticated threat actors to gain remote code execution via maliciously crafted requests. | ||
|
||
## What is vulnerable? | ||
|
||
| **Product(s) Affected** | \*\*Recommended Solutions \*\* | **Severity** | **CVSS** | | ||
| ---------------------------- | ------------------------------ | ------------ | -------- | | ||
| FortiOS 7.6 - Not affected | _Not Applicable_ | NA | NA | | ||
| FortiOS 7.4.0 through 7.4.2 | _Upgrade to 7.4.3 or above_ | **Critical** | NA | | ||
| FortiOS 7.2.0 through 7.2.6 | _Upgrade to 7.2.7 or above_ | **Critical** | NA | | ||
| FortiOS 7.0.0 through 7.0.13 | _Upgrade to 7.0.14 or above_ | **Critical** | NA | | ||
| FortiOS 6.4.0 through 6.4.14 | _Upgrade to 6.4.15 or above_ | **Critical** | NA | | ||
| FortiOS 6.2.0 through 6.2.15 | _Upgrade to 6.2.16 or above_ | **Critical** | NA | | ||
| FortiOS 6.0 all versions | _Migrate to a fixed release_ | **Critical** | NA | | ||
|
||
## Recommendation | ||
|
||
The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe of *one month...* (refer [Patch Management](../guidelines/patch-management.md)): | ||
|
||
- [PSIRT | FortiGuard](https://www.fortiguard.com/psirt/FG-IR-24-015) | ||
- [docs.fortinet.com/upgrade-tool](https://docs.fortinet.com/upgrade-tool) | ||
|
||
## Additional References | ||
|
||
- [New Fortinet RCE flaw in SSL VPN likely exploited in attacks (bleepingcomputer.com)](https://www.bleepingcomputer.com/news/security/new-fortinet-rce-flaw-in-ssl-vpn-likely-exploited-in-attacks/) |
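Review bot: the advisory cites no CVE identifier and every CVSS cell reads NA, so the vulnerability cannot be cross-referenced from this page; take the CVE and score from the linked FG-IR-24-015 PSIRT entry and put them in the overview and the table. The header cell `\*\*Recommended Solutions \*\*` has escaped asterisks and will render as literal asterisks rather than bold; write it as `**Recommended Solutions**`. The H1 says "Multiple RCE Vulnerabilities" while the overview describes a single vulnerability, and a timeframe of "*one month...*" for a Critical, unauthenticated, likely-exploited RCE is inconsistent with the 48 hours this same commit assigns to the Ivanti and Roundcube advisories.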
docs/advisories/20240209003-Google-Chrome-Security-Updates.md: 25 changes, 25 additions & 0 deletions
@@ -0,0 +1,25 @@ | ||
# Google Chrome Security Updates - 20240209003 | ||
|
||
## Overview | ||
|
||
Use after free in Mojo in Google Chrome prior to 121.0.6167.160 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||
|
||
## What is vulnerable? | ||
|
||
| Product(s) Affected | Summary | Severity | CVSS | | ||
| ----------------------------------------- | ------------------------------------------------------------------- | -------- | ---- | | ||
| from 121.0.6167.160 before 121.0.6167.160 | [**CVE-2024-1284**](https://nvd.nist.gov/vuln/detail/CVE-2024-1284) | **High** | N/A | | ||
|
||
## What has been observed? | ||
|
||
There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing. | ||
|
||
## Recommendation | ||
|
||
The WA SOC recommends administrators apply the solutions as per vendor instructions. (refer [Patch Management](../guidelines/patch-management.md)): | ||
|
||
- [**Chrome Releases**](https://chromereleases.googleblog.com/2024) | ||
|
||
## Additional References | ||
|
||
- [Fedora KITTY](https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WSCIL2WH2L4R4KWSRCTDWBPAMOJIYBJE/) |
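Review bot: the Product(s) Affected cell reads "from 121.0.6167.160 before 121.0.6167.160", an empty range that contradicts the overview ("prior to 121.0.6167.160"); change it to "Google Chrome prior to 121.0.6167.160". The Chrome Releases link points at the whole 2024 blog index rather than the stable-channel post that ships this fix, and the reference labelled "Fedora KITTY" is a Fedora package-announce message whose label does not say what it announces; name the package and update in the link text.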
...20240212001-Microsoft-Streaming-Service-Elevation-of-Privilege-Vulnerability.md: 35 changes, 35 additions & 0 deletions
@@ -0,0 +1,35 @@ | ||
# Microsoft Streaming Service Vulnerability Exploited - 20240212001 | ||
|
||
## Overview | ||
|
||
Microsoft Streaming Service Proxy with high local privilege escalation vulnerabilities have been reported exploited by the new Raspberry Robin campaign. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. | ||
|
||
## What is the vulnerability? | ||
|
||
| CVE ID | Severity | CVSS | | ||
| ----------------------------------------------------------------- | -------- | ---- | | ||
| [CVE-2023-29360](https://nvd.nist.gov/vuln/detail/CVE-2023-29360) | **High** | 8.4 | | ||
|
||
## What is vulnerable? | ||
|
||
| Product(s) Affected | Versions | | ||
| --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------- | | ||
| - Microsoft Windows 10 Version 1809, 32-bit Systems, x64-based Systems, ARM64-based Systems <br/>- Microsoft Windows Server 2019, x64-based Systems <br/>- Microsoft Windows Server 2019 (Server Core installation), x64-based Systems | **versions 10.0.0 to 10.0.17763.4499** | | ||
| - Microsoft Windows Server 2022, x64-based Systems | **versions 10.0.0 to 10.0.20348.1787** <br/> **versions 10.0.0 to 10.0.20348.1784** | | ||
| - Microsoft Windows 11 version 21H2, x64-based Systems, ARM64-based Systems | **versions 10.0.0 to 10.0.22000.2057** | | ||
| - Microsoft Windows 10 Version 21H2, 32-bit Systems, ARM64-based Systems | **versions 10.0.0 to 10.0.19044.3086** | | ||
| - Microsoft Windows 11 version 22H2, ARM64-based Systems, x64-based Systems | **versions 10.0.0 to 10.0.22621.1848** | | ||
| - Microsoft Windows 10 Version 22H2, x64-based Systems, ARM64-based Systems, 32-bit Systems | **versions 10.0.0 to 10.0.19045.3086** | | ||
| - Microsoft Windows 10 Version 1607, x64-based Systems, ARM64-based Systems, 32-bit Systems | **versions 10.0.0 to 10.0.14393.5989** | | ||
| - Microsoft Windows Server 2016, x64-based Systems | **versions 10.0.0 to 10.0.14393.5989** | | ||
| - Microsoft Windows Server 2016 (Server Core installation), x64-based Systems | **versions 10.0.0 to 10.0.14393.5989** | | ||
|
||
## What has been observed? | ||
|
||
There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing. | ||
|
||
## Recommendation | ||
|
||
The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe of *48 hours* (refer [Patch Management](../guidelines/patch-management.md)): | ||
|
||
- [Microsoft Security Update Guide](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29360) |
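Review bot: the overview sentence "Microsoft Streaming Service Proxy with high local privilege escalation vulnerabilities have been reported exploited by the new Raspberry Robin campaign" is ungrammatical and switches between one vulnerability and several; suggest "A local privilege escalation vulnerability in Microsoft Streaming Service Proxy (CVE-2023-29360) has been reported as exploited by a new Raspberry Robin campaign." No source is given for the Raspberry Robin exploitation claim; add one under an "Additional References" section as the other advisories do. The filename says "Elevation-of-Privilege-Vulnerability" while the H1 says "Vulnerability Exploited"; align the two.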
docs/advisories/20240213001-Roundcube-Webmail-Known-Exploited.md: 25 changes, 25 additions & 0 deletions
@@ -0,0 +1,25 @@ | ||
# Roundcube Webmail added to CISA Known Exploited Catalog - 20240213001 | ||
|
||
## Overview | ||
|
||
Roundcube have released a critical security advisory relating to a vulnerability impacting Roundcube Webmail. | ||
|
||
## What is vulnerable? | ||
|
||
| Product(s) Affected | CVE | Severity | CVSS | | ||
| ------------------- | ----------------------------------------------------------------- | ---------- | ---- | | ||
| Roundcube Webmail | [CVE-2023-43770](https://nvd.nist.gov/vuln/detail/CVE-2023-43770) | **Medium** | 6.1 | | ||
|
||
## What has been observed? | ||
|
||
CISA added this vulnerability in their [Known Exploited Vulnerabilities](https://www.cisa.gov/known-exploited-vulnerabilities-catalog) catalog. There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing. | ||
|
||
## Recommendation | ||
|
||
The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe of *48 Hours...* (refer [Patch Management](../guidelines/patch-management.md)): | ||
|
||
- [Roundcube: Security update 1.6.3 released](https://roundcube.net/news/2023/09/15/security-update-1.6.3-released) | ||
|
||
### Additional Resources | ||
|
||
- [CISA Adds One Known Exploited Vulnerability to Catalog - February 12, 2024](https://www.cisa.gov/news-events/alerts/2024/02/12/cisa-adds-one-known-exploited-vulnerability-catalog) |
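Review bot: the overview calls this a "critical security advisory" while the table rates it **Medium** / 6.1; drop "critical" and state instead that the KEV listing is the reason for the 48-hour timeframe. The overview also names neither the vulnerability class nor the affected versions, and the Product(s) Affected cell says only "Roundcube Webmail"; state the affected range and the fixed release (1.6.3, per the linked release note) so readers can check what they run. The heading `### Additional Resources` is an H3 while every other advisory in this commit uses `## Additional References`; use the H2 form. The trailing ellipsis in "*48 Hours...*" reads as an unfinished placeholder.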